Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

ISIS Cyber Ops: Empty Threat or Reality?

The extremist militant group ISIS’s aggressive global use of social media is acknowledged as a strategic strength in its jihadist war of terror. Assessing ISIS’s potential to go further and do harm to the American homeland through deployment of offensive cyber operations, however, requires a broader perspective.

The extremist militant group ISIS’s aggressive global use of social media is acknowledged as a strategic strength in its jihadist war of terror. Assessing ISIS’s potential to go further and do harm to the American homeland through deployment of offensive cyber operations, however, requires a broader perspective.

While ISIS forces sweep across Iraq and Syria, claiming villages, cities, oil resources and swaths of land, their sophisticated global social media campaigns flash across the globe seeking to claim the hearts and minds of like-minded Muslims to join their fight.

Well-shot YouTube videos, professional-quality magazines, engaging Facebook and Twitter campaigns and orchestrated use of other social media platforms are deployed with the sophistication rivaling that of many U.S. corporations. Radicalization, recruitment, training, spreading fear and dissent, and fund raising headline their objectives, and the world their market.

ISIS FlagRadicalized jihadists in-place in America as well as ISIS followers with U.S. passports returning home with the objective of bringing the war front to America create a host of new dangers which must be dealt with.

But does an even more dangerous threat lie with ISIS’s possible use of cyber weapons against American critical infrastructure, financial system or other targets? Will such attacks be attempted and do the capabilities exist within ISIS to do so?

There are opinions to support each point of view.

The Will to Act

One question is whether ISIS will be consumed with the protection and continued expansion of its immediate fighting fronts, i.e., the “near enemy,” or whether its scope of vision includes America’s homeland. The Economist advances a strong case that desire for such expansion not only exists but will be exercised: “With its ideological ferocity, platoons of Western passport holders, hatred of America and determination to become the leader of global jihadism, ISIS will surely turn, sooner or later, to the ‘far enemy’ of America and Europe.”

And perhaps any doubt the militant’s sights are on America was removed by ISIS leader Abu Bakr al-Baghdadi’s Sept. 22 call for jihadists to not wait for the order but to rise, take up arms, and “kill Americans and other infidels” wherever they are. Clearly the group is showing no hesitancy in its desire to strike the U.S. heartland on a personal scale.

Advertisement. Scroll to continue reading.

Cyber Operations Capability?

As to whether ISIS will have the capability to mount cyber operations against the U.S., David DeWalt, head of cybersecurity firm FireEye, believes that ISIS will follow in the footsteps of the Syrian Electronic Army and the Iran-based Ajax Security Team to target the United States and other Western nations.

“We’ve begun to see signs that rebel terrorist organizations are attempting to gain access to cyber weaponry,” DeWalt stated recently. He added that booming underground markets dealing in malicious software make offensive cyber weapons just an “Internet transaction” away for groups such as ISIS.

Alternative opinions posit that ISIS’s adroit use of social media does not necessarily translate into a real cybersecurity threat for the United States. One such point of view comes from Craig Guiliano, a former counterterrorism officer with the Department of Defense, who pushes aside possibilities of ISIS acquiring cyber weaponry, stating, “I don’t think anyone has proof that ISIS has acquired the manpower or the resources to launch an attack on U.S. infrastructure.”

Jim Lewis of the Center for Strategic and International Studies agrees. “You need to have hardcore programmers. ISIS does not have those capabilities,” Lewis said.

Indeed, ISIS, al Qaeda or any of the militant extremists may not possess such capabilities, but with their financial resources may very well be able to acquire them on the markets of the dark web.

About this subject much is unknown. But one point is known for certain: The battle with militant extremists is coming to American soil. There is little reason not to believe that such attacks will, at some point, include a cyber dimension. There is thus every reason to prepare for and take preemptive measures to disrupt potential extremist cyber operations before those attacks come to us.

Tom Keane and Lee Hamilton, the authors of the 9/11 Commission Report, recently stated this: “One lesson of the 9/11 story is that, as a nation, we didn’t awaken to the gravity of the terrorist threat until it was too late. We must not repeat that mistake in the cyber realm.”

The speed at which geopolitical conditions are changing globally and with regard to ISIS and similar groups specifically means the U.S. will need canary-like sensitivity to such developing threats and act accordingly. Given the current inadequate state of U.S. national cyber defenses, let’s hope the canary lives.

RelatedSocial Media a Key Element for Terror Groups

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...